[ic] UserDB/UI Access Security Consideration

Stefan Hornburg racke@linuxia.de
15 Oct 2000 13:41:26 +0200


Something that is troubling me quite some time is the error message
if the authentification fails. It should at least not reveal the fact that
the user doesn't exist. IMHO it is not a good idea to supply a possible
intruder with information about your system. What do you think about it ?

Bye
        Racke
 
-- 
LinuXia Systems && Cobolt NetServices, eCommerce and more
Shop- und Datenbanklösungen mit MiniVend, Firewalls auf Debian-Basis
http://www.linuxia.de - http://www.cobolt.net
--> Junior Officer of the MiniVend/Interchange Bug Patrol <---